Exam AWS-SysOps topic 1 question 148 discussion

Exam question from Amazon's AWS-SysOps
Question #: 148
Topic #: 1

You are managing the AWS account of a big organization. The organization has more than 1000 employees and wants to provide access to various services to most of them. Which of the options below is the best possible solution in this case?

  • A. The user should create a separate IAM user for each employee and provide access to them as per the policy
  • B. The user should create an IAM role and attach STS with the role. The user should attach that role to the EC2 instance and setup AWS authentication on that server
  • C. The user should create IAM groups as per the organization's departments and add each user to the group for better access control
  • D. Attach an IAM role with the organization's authentication service to authorize each user for various AWS services
Suggested Answer: D
AWS Identity and Access Management (IAM) is a web service that allows organizations to manage users and user permissions for various AWS services. The user is managing an AWS account for an organization that already has an identity system, such as the login system for the corporate network (SSO). In this case, instead of creating individual IAM users or groups for each user who needs AWS access, it may be more practical to use a proxy server to translate the user identities from the organization's network into temporary AWS security credentials. This proxy server will attach an IAM role to the user after authentication.
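
The identity-broker pattern described in the explanation above, as an added example that is not part of the original page: the broker maps an already-authenticated corporate user's directory groups to one IAM role and requests temporary credentials through STS AssumeRole. The group names, role ARNs and account ID are placeholders, and `sts_client` is assumed to be a boto3 STS client (any object exposing `assume_role` works).

```python
import re

# Hypothetical mapping from corporate directory groups to IAM roles;
# the account ID and role names are placeholders, not values from the page.
GROUP_TO_ROLE = {
    "engineering": "arn:aws:iam::111122223333:role/EngineeringAccess",
    "finance": "arn:aws:iam::111122223333:role/FinanceReadOnly",
}
# Assumed ordering: least-privileged role first when several groups match.
GROUP_PRIORITY = ["finance", "engineering"]
# STS session names may only contain word characters and + = , . @ -
NOT_ALLOWED = re.compile(r"[^\w+=,.@-]", re.ASCII)


class AccessDenied(Exception):
    """Raised when an authenticated user maps to no IAM role."""


def session_name_for(username):
    """Build a RoleSessionName that keeps the corporate identity visible in CloudTrail."""
    cleaned = NOT_ALLOWED.sub("-", username)[:64]
    if len(cleaned) < 2:
        raise ValueError("username too short for an STS session name")
    return cleaned


def select_role(groups):
    """Pick exactly one role for the user; no mapped group means no AWS access."""
    for group in GROUP_PRIORITY:
        if group in groups:
            return GROUP_TO_ROLE[group]
    raise AccessDenied("no IAM role mapped to groups: %s" % sorted(groups))


def broker_credentials(sts_client, username, groups, duration_seconds=3600):
    """Exchange an authenticated corporate identity for temporary AWS credentials.

    sts_client: object exposing boto3's STS assume_role(); the caller
    must already have verified username and groups against the directory.
    """
    if not 900 <= duration_seconds <= 43200:  # STS bounds for AssumeRole
        raise ValueError("duration_seconds outside the STS range")
    response = sts_client.assume_role(
        RoleArn=select_role(groups),
        RoleSessionName=session_name_for(username),
        DurationSeconds=duration_seconds,
    )
    return response["Credentials"]  # AccessKeyId, SecretAccessKey, SessionToken, Expiration
```

No IAM user is created per employee: access follows directory group membership, and each session name ties the temporary credentials back to a corporate identity in the audit trail.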

Comments

ThomasY
Highly Voted 3 years, 1 month ago
Why not C? 1000 users. It is too complicated to attach an IAM role.
upvoted 6 times
albert_kuo
1 year, 5 months ago
While IAM roles are useful for providing temporary access credentials, they are typically associated with specific tasks or services and are not ideal for granting broad access to most employees.
upvoted 1 times
albert_kuo
1 year, 5 months ago
please delete this comment
upvoted 1 times
BATSIE
Most Recent 8 months ago
Selected Answer: C
D is wrong, unwieldy and difficult to manage at scale, leading to administrative overhead.
upvoted 1 times
albert_kuo
1 year, 5 months ago
Selected Answer: C
This option allows for logical grouping of users based on their departments or functional roles within the organization. By creating IAM groups, the organization can define policies and permissions at the group level, making it easier to manage and grant access to services for multiple employees. This approach provides a scalable and efficient way to manage access control across a large number of users.
upvoted 1 times
xxxdolorxxx
3 years ago
D gets my vote.
upvoted 1 times
Monty85
3 years ago
Shouldn't it be B?
upvoted 1 times
albert_kuo
1 year, 5 months ago
While IAM roles are useful for providing temporary access credentials, they are typically associated with specific tasks or services and are not ideal for granting broad access to most employees.
upvoted 1 times
awscertified
3 years, 1 month ago
D. Attach an IAM role with the organization’s authentication service to authorize each user for various AWS
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other